<?php
//include_once $_SERVER['DOCUMENT_ROOT']."/math-videos/configure.inc.php";
if(!isset($valid_controller)||$valid_controller===false)
{
  return;
}
$data_string = json_decode($_REQUEST['json'],true);  
foreach($data_string as $key=>$value)
{
	$$key = trim($value);
} 
//authertication user

$sqltext="select id as user_id , institute_id from users  WHERE username=? and password=?";
$params = array();

array_push($params,sql_escape($username));
array_push($params,sql_escape($password));
$result = db_select_query($conn2,$sqltext,$params);
$user_id='';
$institute_id='';
while($row = db_fetch_array($result))
{
	$user_id = $row['user_id'];
	$institute_id = $row['institute_id'];
}

if($user_id =='')
{
	//echo "HTTP/1.1 401 <br />";
	//echo "Date: ".gmdate('F j, Y, g:i:s')." GMT<br />";
	header('HTTP/1.1 401 Authorization Required');
//	echo "Location: https://api.mathinstitutes.org/metadata/v1/asset/2341<br />";
	echo "{\"error\": \"Authorization Required.\"}";
}
else
{
	$id= $assetID;
  $sqltext="select title, 
										abstract, 
										to_char(asset.lecture_date,'mm/dd/yyyy') as lecture_date,  
										duration, 
										asset_type, 
										abstract_url, 
										remote_url, 
										location, 
										event_title, 
										rating, 
										views,
										thumbnail,
										thumbnail_type,
										assetSHA1,
										timecodeSHA1,
										statisticsSHA1,
										thumbnailSHA1
									
										from asset WHERE id=? and institute_id=?";
	$params = array();
	//echo "sqltext=$sqltext<bR>";
	//exit();
	array_push($params,sql_escape($id));
	array_push($params,sql_escape($institute_id));
	$result = db_select_query($conn,$sqltext,$params);
	
	if(db_num_rows($result)<1)
	{
		//echo "Error 404 AssetId Not Found!";
	//	echo "HTTP/1.1 404, 403 <br />";
		header('HTTP/1.1 404, 403.Asset Not Found or Insufficient Permissions');
  	//echo "Date: ".gmdate('F j, Y, g:i:s')." GMT<br />";
		echo "{\"error\": \"Asset Not Found OR Insufficient Permissions.\"}";
	}
	else
	{
/*if(isset($_REQUEST['id'] ) && $_REQUEST['id'] !='' && is_numeric($_REQUEST['id'])  && strtoupper($_REQUEST['del']) =='Y' )
{
  $id = $_REQUEST['id'];
  if($_SESSION['admin'])
	{
		$sqltext="delete 
		from asset where id=?";
		$params = array();	
		array_push($params,sql_escape($id));
		db_change_query($conn,$sqltext,$params);
	
		$sqltext="delete 
		from presenter where asset_id=?";
		$params = array();
		array_push($params,sql_escape($id));
		db_change_query($conn,$sqltext,$params);
		$sqltext="delete 
		from keyword where asset_id=?";
		$params = array();
		array_push($params,sql_escape($id));
		db_change_query($conn,$sqltext,$params);
		$sqltext="delete 
		from  timecode where asset_id=?";
		$params = array();
		array_push($params,sql_escape($id));
		db_change_query($conn,$sqltext,$params);
		$sqltext="delete 
		from msc_number where asset_id=?";
		$params = array();
		array_push($params,sql_escape($id));
		db_change_query($conn,$sqltext,$params);
		 header("location:".$site_http."/admin");
	}
	else
	{
*/	/*	$sqltext="select institute_id from user  WHERE id=?";
		$params = array();
		
		array_push($params,sql_escape($_SESSION['user_id']));
		$result = db_select_query($conn,$sqltext,$params);
	
		$institute_id='';
		while($row = db_fetch_array($result))
		{
			$institute_id = $row['institute_id'];
		}*/
		while($row = db_fetch_object($result))
		{
			foreach ($row as $key => $value) 
			{
				$value = trim($value);
				$$key= $value;
				//echo "$key=$value<bR>";
			}
		}
		if($institute_id  !='')
		{
			if($thumbnail_type !='' )//has thumbail
			{			
				$image_name =$id."_thumb.".$thumbnail_type;
				$thumbnail_image_file = $institute_id."/".$id."/".$image_name;	
			//	echo $_SERVER['DOCUMENT_ROOT']."/math-videos/images/$thumbnail_image_file"; 
				if(file_exists($_SERVER['DOCUMENT_ROOT']."/math-videos/images/$thumbnail_image_file"))
				{
					unlink($_SERVER['DOCUMENT_ROOT']."/math-videos/images/$thumbnail_image_file");
				}
			}
		//	exit();
			$sqltext="delete 
			from asset where id=? and institute_id =?";
			$params = array();	
			array_push($params,sql_escape($id));
			array_push($params,sql_escape($institute_id));
			db_change_query($conn,$sqltext,$params);
			$sqltext="delete 
			from presenter where asset_id=?";
			$params = array();
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
			$sqltext="delete 
			from keyword where asset_id=?";
			$params = array();
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
			$sqltext="delete 
			from  timecode where asset_id=?";
			$params = array();
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
			$sqltext="delete 
			from msc_number where asset_id=?";
			$params = array();
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);	
			//add to api log
			$sqltext="INSERT INTO api_logs(query,added_date,user_id, institute_id, asset_id) values( ?, ?, ?,?,?)";
			$params = array();
			array_push($params,'Delete');
			array_push($params,date("Y-m-d H:i:s"));
			array_push($params,sql_escape($user_id));
			array_push($params,sql_escape($institute_id));
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
			//echo "HTTP/1.1 200  OK <br />";
			unset($result_array);
			$result_array['Deleted assetID']=$id;		
			
			header('HTTP/1.1 200  OK. Successful deletion data from asset.');
			//echo json_encode($result_array);
			$result=json_encode($result_array);
			if(isset($_REQUEST['callback']))
			{  
			  echo $_REQUEST['callback']. '(' . $result . ');';
			  return;
			}
			echo $result;
			//echo "Date: ".gmdate('D, j F Y g:i:s')." GMT<br />";
					//echo "Content-Type: application/json<br />";
	/*		echo "{ <br />\"Deleted assetID\": $id<br />
									}";*/
		}
	}
}

?>